Home Office publishes hacking guidelines for spooks
MI5 and MI6’s hacking practices made public as government opens consultation on spying
The Home Office has published a draft of its latest computer hacking guidance for spies.
The Equipment Interference Code of Practice will apply to any interference by the intelligence services with "equipment producing electromagnetic, acoustic and other emissions" in other words, electronic devices including tablets, phones, computers, servers and more.
It will also extend to cover any information obtained through hacking, and was published to make the security services more transparent in the post-Snowden era, which has revealed the extent of government spying across the Western world.
Explaining the decision to publish the draft, minister of state for immigration and security, James Brokenshire, said: "There are limits on what can be said in public about this work. But it is imperative that the Government is as open as it can be about these capabilities and how they are used.
"The public and Parliament needs to have confidence that there is a robust statutory framework for the use of such intrusive investigative powers and that there is a strong system of safeguards in place."
The draft guidance discusses the balancing act between intruding on someone's privacy and the necessity of hacking into their devices.
It also advises spooks to assess the risk of hacking the wrong person, as well as regular reviews of warrants to assess whether an operation should continue.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The guidelines outline the issues of obtaining information that is under legal privilege i.e. MPs' conversations on constituency business, confidential personal information, or confidential journalistic material.
Spies should minimise the risk of obtaining this kind of information during a hacking operation, the guidance recommends, and ensure it is not used in police investigations or appears in court.
Brokenshire said the draft provides the public with the most information to date on the practices of the UK's intelligence services, making clear the protection people's data is afforded.
"The new draft ... details the safeguards applied to different investigative techniques, including the use of computer network exploitation, to identify, track and disrupt the most sophisticated targets," he added.
"In order to continue to keep us safe, the security and intelligence agencies need the full range of investigatory tools at their disposal.
"But the public needs to know that these powers are used appropriately and are subject to stringent oversight."
People can comment and feedback on the draft under a public consultation ending 20 March.